Phishinge-mail and Web-based efforts by online scammers to hijack personal information from unsuspecting usershit home at PC Magazine this week. A number of magazine staffers, who are members at eBay, received highly official looking e-mails, purportedly from eBay's accounts management department, asking for credit card information, a social security number, and more. The magazine staffers caught the ruse and notified eBay, but users should be warned that a fake eBay mail scam is making the rounds.

The trick message arrived with a very official looking header featuring eBay's logo. It was signed "Thank you, Accounts Management." The text read: "Dear eBay Member, We at eBay are sorry to inform you that we are having problems with the billing information of your account. We would appreciate it if you would visit our website, eBay Billing Center, and fill out the proper information that we are needing to keep you as an eBay member." The "eBay Billing Center" referenced was a link to a Web page asking for a credit card number, a social security number, and more. The message also contained an "ebay.com" suffix, just as a real message from an eBay employee might.

As is often true in spoof messages and phishing efforts, the trick e-mail contained telltale signs that it did not come from eBay. The subject line of the message read "eBay Member Billing Information Uptade" with the word "update" misspelled. The text string "fill out the proper information that we are needing" also had suspicious syntax.

The PC Magazine staffers who received the solicitation contacted eBay about the e-mail in question and received a lengthy response back, saying that the message was not generated by eBay. The response included the following text: "Thank you for contacting eBay's Trust and Safety Department about e-mail solicitations that are falsely made to appear to have come from eBay. These e-mails, commonly referred to as "spoof" messages, are sent in an attempt to collect sensitive personal information from recipients who reply to the message or click on a link to a Web page requesting this information. The e-mail you reported did not originate from, nor is it endorsed by, eBay. We are very concerned about this problem and are working diligently to address the situation. We have investigated the source of this e-mail and have taken appropriate action."

The message from eBay's Trust and Safety Department also warns against supplying personal information in any e-mail and says that eBay will never ask, via e-mail, for information such as a credit card number or an e-mail password. It says that users who are suspicious of any message appearing to come from eBay should not click on any links supplied within the e-mail and that users can mail a question to spoof@ebay.com.

This latest ruse falls in line with growing amounts of data showing that online identity theft is an out-of-control problem. According to a recent FTC survey, 27.3 million Americans have been victims of identity theft in the last five years, and a whopping 9.9 million people joined this unfortunate list in just the last 12 months. "For several years we have been seeing anecdotal evidence that identity theft is a significant problem that is on the rise," said Howard Beales, Director of the FTC's Bureau of Consumer Protection, in announcing the survey results. "Now we know."

To learn more about "Phishing" and how to identify and combat it, click here.

About the Author

Sebastian Rupley is Editorial Director for PCMagCast, PC Magazine's channel for live Web seminars and online events on tech topics for consumers and small businesses. Previously, he was West Coast Editor of PC Magazine for over a decade, where he oversaw news and feature stories for the publication, and represented the brand on panels and at confer... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.